[Samba] Samba / AD / Winbind issues
John H Terpstra
jht at PrimaStasys.Com
Sun May 8 04:00:50 GMT 2005
On Saturday 07 May 2005 21:52, Kevin M. Barrett wrote:
> List members,
>
> I have an issue that I hope one of you can help me with ... I have
> set up a AD ( 2003 ) as PDC and a RHE3 AS server running Samba V3.0.6-2.3E
> following the instructions in the HOW-TO- By example. Here is what I have
> at the moment ..
Wowa! Which are you following? The Samba-3 HOWTO and Reference Guide, or
Samba-3 by Example? More importantly, which version? Printed or on-line PDF?
Yes, I would like to know as I am in the process of updating both.
Now, what is the returned information from executing the following?
net ads testjoin
net ads info
- John T.
> I had no problems adding the RH server to the Domain and I have Winbind set
> up in the nsswitch.conf file for passwd, group and hosts
>
> I can do a "wbinfo -u" and it returns
>
> D1+Administrator
> D1+Guest
> D1+SUPPORT_388945a0
> D1+IUSR_MEDIA-1
> D1+IWAM_MEDIA-1
> D1+WMUS_MEDIA-1
> D1+MEDIA-1$
> D1+krbtgt
> D1+tuser2
> D1+kmb
> D1+HOST/gs005
> D1+HOST/gs015
>
> wbinfo -g returns
>
> BUILTIN+System Operators
> BUILTIN+Replicators
> BUILTIN+Guests
> BUILTIN+Power Users
> BUILTIN+Print Operators
> BUILTIN+Administrators
> BUILTIN+Account Operators
> BUILTIN+Backup Operators
> BUILTIN+Users
> D1+Domain Computers
> D1+Domain Controllers
> D1+Schema Admins
> D1+Enterprise Admins
> D1+Domain Admins
> D1+Domain Users
> D1+Domain Guests
> D1+Group Policy Creator Owners
> D1+DnsUpdateProxy
>
>
> Now when I perform a smbclient command such as
>
> smbclient -L //gs005/ -Utuser2
> Password:xxxxxxxx
> session setup failed: NT_STATUS_LOGON_FAILURE
> [root at gs005 etc]#
>
> as you can see I am running this on the same server that I'm looking for
> the list from. I get the same results using localhost and 127.0.0.1 as
> well. Also I get the same result when I run this command on another Linux
> box asking for the same info...
>
> The Winbind trace looks like this.
>
> user 'tuser2' does not exist
> [10175]: getpwnam D1+TUSER2
> rpc: name_to_sid name=TUSER2
> name_to_sid [rpc] TUSER2 for domain D1
> Connected to LDAP server 192.168.14.168
> got ldap server name media-1 at D1.SANDTEST.COM, using bind path:
> dc=D1,dc=SANDTEST,dc=COM
> IPC$ connections done anonymously
> Connecting to host=MEDIA-1
> Connecting to 192.168.14.168 at port 445
> Doing spnego session setup (blob length=112)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 113554 1 2 2 3
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=media-1$@D1.SANDTEST.COM
> Doing kerberos session setup
> Ticket in ccache[MEMORY:cliconnect] expiration Sun, 08 May 2005 09:49:08
> GMT user 'TUSER2' does not exist
> [10175]: getpwnam tuser2
> [10175]: getpwnam TUSER2
> [10175]: create_user: user=>(tuser2), group=>()
> winbindd_create_user: Cannot validate gid for group ('Domain Users')
> [10175]: getpwnam tuser2
> [10175]: getpwnam TUSER2
>
> Any body seen this and know where I should go to look for a solution.
>
> Thanks
>
> Kevin
>
>
>
>
> Kevin M. Barrett
>
> KMB IT Consulting, Inc
> 508-450-7717
--
John H Terpstra,
Clerk of Session
Christ Presbyerian Church (OPC)
Salt Lake City, Utah.
Phone: (801) 936-1367
Cell: (650) 580-8668
More information about the samba
mailing list